Recently, cybersecurity experts revealed a stealthy Linux malware that can hide credit card skimmers’ codes. However, it is not new malware because Aon’s Stroz Friedberg team discovered and named it Sedexp in 2022.
The Sedexp malware remained identified due to the advanced stealth techniques to handle persistence on the systems. So why is everyone talking about sedexp now? Here are the reasons:
What Exactly Happened?
After remaining unidentified over the years, sedexp malware was finally found to be actively used by many scammers to hide credit card skimmer codes on a web server. Sedexp exploits udev rules to remain undetectable in infected systems. Udev is used to manage device events, such as creating, modifying, and removing device nodes in the /dev directory. Furthermore, udev has specific rules for node management, which are stored in text config files.
Sedexp renames its processes to kdevtmpfs, signaling the system that it is a legitimate process. That’s why it becomes hard for system monitoring tools to detect this malware. It can generate a reverse shell on the system, which allows attackers to control your system remotely. Hence, the detection of sedexp shows the evolution of cybercriminals, and it is definitely a reminder of how advanced these attackers are becoming.
What Experts Recommend Against Sedexp Malware?
Many experts have a bunch of suggestions to withstand the sedexp malware and protect your system from it:
- Regular auditing and monitoring udev rules to identify and remove unauthorized entities.
- Update the system and its applications regularly to protect it from all vulnerabilities.
- Strengthen the access control and restrict the root access to minimize the risk.
- Implement the behavioral detection system to monitor unusual activities.
- Backup your system regularly on a separate network to protect them from malware.
Finally, it is highly suggested that you stay aware of sedexp and protect your system from these attacks.
